|
266001
|
8.0 |
HIGH
Network
|
ubnt
|
edgeos
|
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) u…
|
CWE-352
Origin Validation Error
|
CVE-2017-0933
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266002
|
8.8 |
HIGH
Network
|
ubnt
|
edgeos
|
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with…
|
CWE-269
Improper Privilege Management
|
CVE-2017-0932
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266003
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
|
CWE-863
Incorrect Authorization
|
CVE-2017-0927
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266004
|
8.8 |
HIGH
Network
|
gitlab
debian
|
gitlab
debian_linux
|
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
|
CWE-863
Incorrect Authorization
|
CVE-2017-0926
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266005
|
7.2 |
HIGH
Network
|
gitlab
debian
|
gitlab
debian_linux
|
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaint…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-0925
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266006
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2017-0924
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266007
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2017-0923
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266008
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
|
CWE-863
Incorrect Authorization
|
CVE-2017-0922
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266009
|
8.8 |
HIGH
Network
|
gitlab
debian
|
gitlab
debian_linux
|
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
|
CWE-22
Path Traversal
|
CVE-2017-0918
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266010
|
6.1 |
MEDIUM
Network
|
gitlab
debian
|
gitlab
debian_linux
|
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
|
CWE-79
CWE-20
Cross-site Scripting
Improper Input Validation
|
CVE-2017-0917
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
